Quote:
it tells me Avira Antivir is running
That's fine. Re-run Combofix anyway.
ComboFix log:
ComboFix 10-08-08.01 - Terry 08/08/2010 19:45:43.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.189 [GMT -4:00]
Running from: c:\documents and settings\Terry.TERRYT\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD0EC-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD0EC-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00EB-0D24-347CA8A3377C}
AV: PC Tools AntiVirus Free *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
((((((((((((((((((((((((( Files Created from 2010-07-09 to 2010-08-09 )))))))))))))))))))))))))))))))
.
2010-08-07 21:38 . 2010-08-07 21:38 -------- d-sh--w- c:\documents and settings\Administrator.TERRYT.002\IECompatCache
2010-08-07 18:40 . 2010-08-07 18:40 -------- d-----w- c:\documents and settings\Terry.TERRYT\Application Data\Malwarebytes
2010-08-07 16:23 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-07 16:23 . 2010-08-07 17:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-07 16:23 . 2010-08-07 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-07 16:23 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-07 16:17 . 2010-08-07 16:17 -------- d-sh--w- c:\documents and settings\Administrator.TERRYT.001\PrivacIE
2010-08-07 13:54 . 2010-08-07 13:54 -------- d-sh--w- c:\documents and settings\Administrator.TERRYT.001\IETldCache
2010-08-07 12:19 . 2010-08-07 18:28 -------- d-----w- c:\documents and settings\Terry.TERRYT\Local Settings\Application Data\ssscvvkmp
2010-07-28 23:22 . 2010-08-05 20:19 -------- d-----w- c:\program files\PCPitstop
2010-07-27 21:15 . 2010-07-27 21:15 -------- d-----w- c:\documents and settings\Terry.TERRYT\Local Settings\Application Data\Threat Expert
2010-07-27 21:11 . 2010-06-18 21:00 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-07-27 21:11 . 2010-06-18 21:00 264144 ----a-w- c:\windows\PCTBDRes.dll
2010-07-27 21:11 . 2010-06-18 21:00 1435600 ----a-w- c:\windows\PCTBDCore.dll
2010-07-27 21:11 . 2010-06-18 21:00 767952 ----a-w- c:\windows\BDTSupport.dll
2010-07-27 21:11 . 2010-05-10 18:14 192 ----a-w- c:\windows\UDB.zip
2010-07-27 21:11 . 2008-11-26 15:08 131 ----a-w- c:\windows\IDB.zip
2010-07-27 21:06 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-07-27 21:05 . 2010-03-29 14:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-27 21:05 . 2010-04-08 18:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-27 21:05 . 2010-08-08 23:30 -------- d-----w- c:\program files\PC Tools Security
2010-07-27 21:05 . 2010-07-27 21:05 -------- d-----w- c:\documents and settings\Terry.TERRYT\Application Data\PC Tools
2010-07-27 11:50 . 2001-08-18 02:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-07-27 11:50 . 2001-08-18 02:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-07-27 11:50 . 2001-08-18 02:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-07-27 11:50 . 2001-08-18 02:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-07-27 11:50 . 2001-08-17 18:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-07-27 11:50 . 2001-08-17 18:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-07-27 11:50 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-07-27 11:50 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-07-27 11:49 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-07-27 11:49 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-07-27 11:49 . 2008-04-14 00:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-07-27 11:49 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-07-26 22:09 . 2010-07-27 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-07-26 22:09 . 2010-07-26 22:09 -------- d-----w- c:\program files\BitDefender
2010-07-26 22:05 . 2010-07-27 21:00 -------- d-----w- c:\program files\Common Files\BitDefender
2010-07-20 23:41 . 2010-07-20 23:41 -------- d-----w- c:\documents and settings\Terry.TERRYT\Application Data\ElevatedDiagnostics
2010-07-14 21:27 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-08 23:39 . 2008-02-12 22:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-08 22:09 . 2006-06-22 12:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-07 17:02 . 2010-08-07 17:02 -------- d-----w- c:\documents and settings\Administrator.TERRYT.002\Application Data\Malwarebytes
2010-08-05 20:19 . 2008-12-25 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-07-27 21:12 . 2009-10-21 21:53 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-09 00:16 . 2010-07-09 00:16 -------- d-----w- c:\program files\MSECache
2010-07-09 00:06 . 2010-06-05 03:00 1 ----a-w- c:\documents and settings\Terry.TERRYT\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-04 01:35 . 2010-07-04 01:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-04 01:31 . 2010-07-04 01:31 348160 ----a-w- c:\documents and settings\Mike.TERRYT.000\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
2010-06-20 21:24 . 2006-12-26 23:58 65672 ----a-w- c:\documents and settings\Mike.TERRYT.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-14 14:31 . 2006-06-22 12:20 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 01:21 . 2006-12-28 19:09 65672 ----a-w- c:\documents and settings\Terry.TERRYT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-14 01:14 . 2010-06-14 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-06-13 14:02 . 2010-04-08 01:44 0 ----a-w- c:\documents and settings\Terry.TERRYT\Local Settings\Application Data\prvlcl.dat
2010-06-10 02:20 . 2006-06-22 12:23 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2006-6-22 593920]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Terry.TERRYT^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Terry.TERRYT\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ----a-r- c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
2004-12-02 23:23 102400 ------w- c:\program files\Creative\MediaSource\Detector\CTDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2003-06-07 11:32 50688 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-02-27 09:28 16005120 ----a-r- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-01-20 04:34 544768 ----a-r- c:\windows\sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 08:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-08-25 07:25 737369 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [1/5/2006 4:33 AM 34144]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [1/5/2006 4:33 AM 28800]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/27/2010 5:05 PM 218592]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [7/27/2010 5:11 PM 198608]
S3 ECIoCtrl32_001.sys;ECIoCtrl32_001.sys;\??\d:\driver\ICP\ECIoCtrl32_001.sys --> d:\driver\ICP\ECIoCtrl32_001.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [7/27/2010 5:05 PM 366840]
--- Other Services/Drivers In Memory ---
*Deregistered* - PCTSDInjDriver32
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: yahoo.com\www
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
FF - ProfilePath - c:\documents and settings\Terry.TERRYT\Application Data\Mozilla\Firefox\Profiles\b9b9s1mg.default\
FF - prefs.js: browser.startup.homepage - hxxp://red.clientapps.yahoo.com/customize/ie/defaults/stp/yme/*http://www.yahoo.com
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
MSConfigStartUp-AAWTray - c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
MSConfigStartUp-ICQ - c:\program files\ICQ6\ICQ.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-PC Pitstop Optimize Reminder - c:\program files\PCPitstop\Optimize2\Reminder.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-RoboForm - c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
MSConfigStartUp-twgpmenk - c:\documents and settings\Terry.TERRYT\Local Settings\Application Data\ssscvvkmp\prodawvtssd.exe
MSConfigStartUp-ymetray - c:\program files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-08 21:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(876)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2010-08-08 21:49:09
ComboFix-quarantined-files.txt 2010-08-09 01:49
Pre-Run: 45,237,379,072 bytes free
Post-Run: 48,007,680,000 bytes free
- - End Of File - - DAC6B2F14AD8619B765F3EE28DEC689B
1. Please open Notepad
- Click Start , then Run
- Type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
File::
c:\documents and settings\Terry.TERRYT\Local Settings\Application Data\prvlcl.dat
c:\windows\Alcmtr.exe
d:\driver\ICP\ECIoCtrl32_001.sys
Folder::
c:\documents and settings\Terry.TERRYT\Local Settings\Application Data\ssscvvkmp
Driver::
ECIoCtrl32_001.sys
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=-
SecCenter::
{804FD2B8-FFA4-00EB-0D24-347CA8A3377C}
{804FD2B8-FFA4-00DA-0D24-347CA8A3377C}
{804FD0EC-FFA4-00DA-0D24-347CA8A3377C}
{804FD0EC-FFA4-00C8-0D24-347CA8A3377C}
{00000000-0000-0000-0000-000000000000}
3. Save the above as CFScript.txt
4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.
5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
https://discussions.virtualdr.com/im.../2016/03/2.gif
6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
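What the helper is reacting to in the first log, read as a triage checklist: a user-level IE proxy pointing at 127.0.0.1:6522 when nothing on the box provides a local proxy, a random-named folder under Local Settings\Application Data that launched a random-named .exe at startup, FirewallOverride=1 in the Security Center key (which suppresses the firewall warning), a service whose driver path resolves to a drive that is not present, and five Avira registrations in Security Center beside PC Tools, which the CFScript clears with SecCenter::. The script below is an added example, not part of this thread and not ComboFix's code: it runs those checks over a few log lines copied from the post above (constructed sample, not a full log) and drafts the matching CFScript sections for a human to review. The "random name" rule, the stale-registration rule and all function names are this example's own assumptions; CFScript deletes what it is given, so nothing here should be fed to ComboFix without the same review the helper did.

```python
"""Triage a ComboFix log for the indicators seen in the thread and draft the
CFScript sections that correspond to them. Example code: the parsing rules and
heuristics are assumptions made here, not ComboFix behaviour."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the first ComboFix log in the thread.
SAMPLE_LOG = r"""
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD0EC-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD0EC-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00EB-0D24-347CA8A3377C}
AV: PC Tools AntiVirus Free *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
2010-08-07 12:19 . 2010-08-07 18:28 -------- d-----w- c:\documents and settings\Terry.TERRYT\Local Settings\Application Data\ssscvvkmp
2010-07-27 21:15 . 2010-07-27 21:15 -------- d-----w- c:\documents and settings\Terry.TERRYT\Local Settings\Application Data\Threat Expert
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [1/5/2006 4:33 AM 34144]
S3 ECIoCtrl32_001.sys;ECIoCtrl32_001.sys;\??\d:\driver\ICP\ECIoCtrl32_001.sys --> d:\driver\ICP\ECIoCtrl32_001.sys [?]
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
"""

AV_RE = re.compile(r"^AV: (?P<name>.+?) \*On-access scanning enabled\* "
                   r"\((?P<state>Updated|Outdated)\) (?P<guid>\{[0-9A-Fa-f-]{36}\})$")
PROXY_RE = re.compile(r"^uInternet Settings,Proxy(?:Server|Override) = .+$")
FIREWALL_RE = re.compile(r'^"FirewallOverride"=dword:(?P<val>[0-9a-fA-F]{8})$')
# Directory entries in the "Files Created" / Find3M sections: no size field, attr starts with d.
DIR_RE = re.compile(r"^\S+ \S+ \. \S+ \S+ -------- d\S{7} (?P<path>.+)$")
# Service whose image path ComboFix could not resolve: "... --> <path> [?]".
DRIVER_RE = re.compile(r"^[RS]\d (?P<svc>[^;]+);[^;]*;.+ --> (?P<path>.+?) \[\?\]$")
LOCAL_APPDATA = "\\local settings\\application data"   # XP per-user, writable without admin
ZERO_GUID = "{00000000-0000-0000-0000-000000000000}"


def looks_random(name: str) -> bool:
    """Heuristic (assumed): 8+ lowercase letters with no vowel, the shape of ssscvvkmp."""
    return len(name) >= 8 and name.isalpha() and name.islower() and not set(name) & set("aeiou")


def parse_log(text: str) -> dict:
    """Collect the indicators from a ComboFix log into one findings dict."""
    f = {"proxy": [], "firewall_override": False, "random_dirs": [],
         "missing_drivers": [], "av": defaultdict(list)}
    for line in text.splitlines():
        line = line.strip()
        if m := AV_RE.match(line):
            f["av"][m["name"]].append((m["guid"], m["state"]))
        elif PROXY_RE.match(line):
            f["proxy"].append(line)
        elif (m := FIREWALL_RE.match(line)) and int(m["val"], 16) != 0:
            f["firewall_override"] = True
        elif m := DIR_RE.match(line):
            parent, _, leaf = m["path"].rpartition("\\")
            if parent.lower().endswith(LOCAL_APPDATA) and looks_random(leaf):
                f["random_dirs"].append(m["path"])
        elif m := DRIVER_RE.match(line):
            f["missing_drivers"].append((m["svc"], m["path"]))
    # A proxy on the loopback interface with no proxy product installed is the hijack signature.
    f["loopback_proxy"] = any(l.startswith("uInternet Settings,ProxyServer") and
                              ("127.0.0.1" in l or "localhost" in l) for l in f["proxy"])
    return f


def stale_av(av: dict) -> list:
    """GUIDs to hand to SecCenter:: (rule assumed here): all-zero GUID, Outdated,
    or a product registered more than once, i.e. leftovers of repeated installs."""
    return [guid for name, regs in av.items() for guid, state in regs
            if guid == ZERO_GUID or state == "Outdated" or len(regs) > 1]


def build_cfscript(f: dict) -> str:
    """Draft CFScript text from the findings; a human reviews it before use."""
    sections = []
    if f["missing_drivers"]:
        sections.append("File::\n" + "\n".join(p for _, p in f["missing_drivers"]))
    if f["random_dirs"]:
        sections.append("Folder::\n" + "\n".join(f["random_dirs"]))
    if f["missing_drivers"]:
        sections.append("Driver::\n" + "\n".join(s for s, _ in f["missing_drivers"]))
    if f["loopback_proxy"]:
        sections.append("DDS::\n" + "\n".join(f["proxy"]))
    if f["firewall_override"]:
        sections.append("Registry::\n[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]\n"
                        "\"FirewallOverride\"=-")
    if stale := stale_av(f["av"]):
        sections.append("SecCenter::\n" + "\n".join(stale))
    return "\n".join(sections) + "\n"


if __name__ == "__main__":
    print(build_cfscript(parse_log(SAMPLE_LOG)))
```

Run against the sample, the draft reproduces the helper's Folder::, Driver::, DDS::, Registry:: and SecCenter:: sections; the PC Tools GUID is left alone because it is registered once and current. The one thing no heuristic supplies is the helper's judgement on Alcmtr.exe and prvlcl.dat, which were added to File:: from knowledge of the machine rather than from any pattern in the log.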
ComboFix 10-08-08.01 - Terry 08/08/2010 22:40:00.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.217 [GMT -4:00]
Running from: c:\documents and settings\Terry.TERRYT\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Terry.TERRYT\Desktop\CFScript.txt
AV: PC Tools AntiVirus Free *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FILE ::
"c:\documents and settings\Terry.TERRYT\Local Settings\Application Data\prvlcl.dat"
"c:\windows\Alcmtr.exe"
"d:\driver\ICP\ECIoCtrl32_001.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Terry.TERRYT\.exe
c:\documents and settings\Terry.TERRYT\Local Settings\Application Data\prvlcl.dat
c:\documents and settings\Terry.TERRYT\Local Settings\Application Data\ssscvvkmp
c:\windows\Alcmtr.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ECIOCTRL32_001.SYS
-------\Service_ECIoCtrl32_001.sys
((((((((((((((((((((((((( Files Created from 2010-07-09 to 2010-08-09 )))))))))))))))))))))))))))))))
.
2010-08-07 21:38 . 2010-08-07 21:38 -------- d-sh--w- c:\documents and settings\Administrator.TERRYT.002\IECompatCache
2010-08-07 18:40 . 2010-08-07 18:40 -------- d-----w- c:\documents and settings\Terry.TERRYT\Application Data\Malwarebytes
2010-08-07 16:23 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-07 16:23 . 2010-08-07 17:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-07 16:23 . 2010-08-07 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-07 16:23 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-07 16:17 . 2010-08-07 16:17 -------- d-sh--w- c:\documents and settings\Administrator.TERRYT.001\PrivacIE
2010-08-07 13:54 . 2010-08-07 13:54 -------- d-sh--w- c:\documents and settings\Administrator.TERRYT.001\IETldCache
2010-07-28 23:22 . 2010-08-05 20:19 -------- d-----w- c:\program files\PCPitstop
2010-07-27 21:15 . 2010-07-27 21:15 -------- d-----w- c:\documents and settings\Terry.TERRYT\Local Settings\Application Data\Threat Expert
2010-07-27 21:11 . 2010-06-18 21:00 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-07-27 21:11 . 2010-06-18 21:00 264144 ----a-w- c:\windows\PCTBDRes.dll
2010-07-27 21:11 . 2010-06-18 21:00 1435600 ----a-w- c:\windows\PCTBDCore.dll
2010-07-27 21:11 . 2010-06-18 21:00 767952 ----a-w- c:\windows\BDTSupport.dll
2010-07-27 21:11 . 2010-05-10 18:14 192 ----a-w- c:\windows\UDB.zip
2010-07-27 21:11 . 2008-11-26 15:08 131 ----a-w- c:\windows\IDB.zip
2010-07-27 21:06 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-07-27 21:05 . 2010-03-29 14:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-27 21:05 . 2010-04-08 18:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-27 21:05 . 2010-08-09 02:36 -------- d-----w- c:\program files\PC Tools Security
2010-07-27 21:05 . 2010-07-27 21:05 -------- d-----w- c:\documents and settings\Terry.TERRYT\Application Data\PC Tools
2010-07-27 11:50 . 2001-08-18 02:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-07-27 11:50 . 2001-08-18 02:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-07-27 11:50 . 2001-08-18 02:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-07-27 11:50 . 2001-08-18 02:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-07-27 11:50 . 2001-08-17 18:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-07-27 11:50 . 2001-08-17 18:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-07-27 11:50 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-07-27 11:50 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-07-27 11:49 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-07-27 11:49 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-07-27 11:49 . 2008-04-14 00:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-07-27 11:49 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-07-26 22:09 . 2010-07-27 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-07-26 22:09 . 2010-07-26 22:09 -------- d-----w- c:\program files\BitDefender
2010-07-26 22:05 . 2010-07-27 21:00 -------- d-----w- c:\program files\Common Files\BitDefender
2010-07-20 23:41 . 2010-07-20 23:41 -------- d-----w- c:\documents and settings\Terry.TERRYT\Application Data\ElevatedDiagnostics
2010-07-14 21:27 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-09 02:51 . 2008-02-12 22:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-08 22:09 . 2006-06-22 12:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-07 17:02 . 2010-08-07 17:02 -------- d-----w- c:\documents and settings\Administrator.TERRYT.002\Application Data\Malwarebytes
2010-08-05 20:19 . 2008-12-25 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-07-27 21:12 . 2009-10-21 21:53 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-09 00:16 . 2010-07-09 00:16 -------- d-----w- c:\program files\MSECache
2010-07-09 00:06 . 2010-06-05 03:00 1 ----a-w- c:\documents and settings\Terry.TERRYT\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-04 01:35 . 2010-07-04 01:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-04 01:31 . 2010-07-04 01:31 348160 ----a-w- c:\documents and settings\Mike.TERRYT.000\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
2010-06-20 21:24 . 2006-12-26 23:58 65672 ----a-w- c:\documents and settings\Mike.TERRYT.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-14 14:31 . 2006-06-22 12:20 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 01:21 . 2006-12-28 19:09 65672 ----a-w- c:\documents and settings\Terry.TERRYT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-14 01:14 . 2010-06-14 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-06-10 02:20 . 2006-06-22 12:23 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2006-6-22 593920]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Terry.TERRYT^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Terry.TERRYT\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
2004-12-02 23:23 102400 ------w- c:\program files\Creative\MediaSource\Detector\CTDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2003-06-07 11:32 50688 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-02-27 09:28 16005120 ----a-r- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-01-20 04:34 544768 ----a-r- c:\windows\sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 08:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-08-25 07:25 737369 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [1/5/2006 4:33 AM 34144]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [1/5/2006 4:33 AM 28800]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/27/2010 5:05 PM 218592]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [7/27/2010 5:11 PM 198608]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [7/27/2010 5:05 PM 366840]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: yahoo.com\www
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
FF - ProfilePath - c:\documents and settings\Terry.TERRYT\Application Data\Mozilla\Firefox\Profiles\b9b9s1mg.default\
FF - prefs.js: browser.startup.homepage - hxxp://red.clientapps.yahoo.com/customize/ie/defaults/stp/yme/*http://www.yahoo.com
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-08 22:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(876)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
- - - - - - - > 'explorer.exe'(784)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\CTsvcCDA.EXE
c:\windows\system32\o2flash.exe
c:\windows\system32\Ati2evxx.exe
.
**************************************************************************
.
Completion time: 2010-08-08 22:58:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-09 02:58
ComboFix2.txt 2010-08-09 01:49
Pre-Run: 47,990,755,328 bytes free
Post-Run: 47,924,895,744 bytes free
- - End Of File - - 30D492D2BA39D4FEB6046488CC1B8A73
Good :)
How is computer doing at the moment?
Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.
============================================================
Download OTL to your Desktop.
* Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
* Under the Custom Scan box paste this in:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Thanks Broni. It was working a lot better last night. I will do the above step when I get home this afternoon.
Today it took 9 minutes to boot up and about as long to open the home page. It just sat there and said connecting before it finally opened. It started this after I uninstalled Combofix. First report:
OTL Extras logfile created on: 8/9/2010 5:29:29 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Terry.TERRYT\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
446.00 Mb Total Physical Memory | 20.00 Mb Available Physical Memory | 4.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 17.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 44.61 Gb Free Space | 79.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TERRYT
Current User Name: Terry
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{1AEC8F41-4701-415D-9782-F69CFB535463}" = Creative Zen MicroPhoto
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}" = ATI Parental Control & Encoder
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB6BD5D5-8482-45C0-99CF-745C5B924497}" = WOT for Internet Explorer
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN Card
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{FA065AE3-3D12-43C6-9986-734833E33481}" = ATI Catalyst Control Center
"{FE45EF11-F91F-4A39-A3CC-CD6B22FE4288}" = O2Micro Flash Memory Card Windows Driver V2.00
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BFGC" = Big Fish Games Client
"BFG-Mahjong Towers Eternity" = Mahjong Towers Eternity
"Big Money Deluxe 1.3" = Big Money Deluxe 1.3
"Browser Defender_is1" = Browser Defender 3.0
"Budweiser Dale Jr" = Budweiser Dale Jr Screen Saver
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Hide My IP Address_is1" = Hide My IP Address
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{FE45EF11-F91F-4A39-A3CC-CD6B22FE4288}" = O2Micro Flash Memory Card Windows Driver V2.00
"Luxor" = Luxor (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Peggle World of Warcraft Edition" = Peggle World of Warcraft Edition
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Spyware Doctor" = PC Tools AntiVirus Free
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative System Information
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 7/20/2010 6:21:10 PM | Computer Name = TERRYT | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 7/20/2010 6:21:10 PM | Computer Name = TERRYT | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 7/20/2010 6:21:11 PM | Computer Name = TERRYT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved
Error - 7/20/2010 7:27:30 PM | Computer Name = TERRYT | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 7/20/2010 7:27:30 PM | Computer Name = TERRYT | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 7/26/2010 9:33:34 PM | Computer Name = TERRYT | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3828, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.
Error - 7/27/2010 7:46:37 AM | Computer Name = TERRYT | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 7/27/2010 7:46:37 AM | Computer Name = TERRYT | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 7/28/2010 6:08:04 PM | Computer Name = TERRYT | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3828, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.
Error - 8/7/2010 8:18:49 AM | Computer Name = TERRYT | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3828, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.
[ System Events ]
Error - 8/7/2010 2:39:06 PM | Computer Name = TERRYT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 8/7/2010 2:48:43 PM | Computer Name = TERRYT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 8/7/2010 2:49:54 PM | Computer Name = TERRYT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm
Error - 8/7/2010 10:27:23 PM | Computer Name = TERRYT | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.
Error - 8/8/2010 3:07:43 PM | Computer Name = TERRYT | Source = Service Control Manager | ID = 7034
Description = The PC Tools Security Service service terminated unexpectedly. It
has done this 1 time(s).
Error - 8/8/2010 3:24:00 PM | Computer Name = TERRYT | Source = Service Control Manager | ID = 7034
Description = The O2Micro Flash Memory service terminated unexpectedly. It has
done this 1 time(s).
Error - 8/8/2010 7:39:25 PM | Computer Name = TERRYT | Source = Service Control Manager | ID = 7034
Description = The PC Tools Security Service service terminated unexpectedly. It
has done this 1 time(s).
Error - 8/8/2010 7:45:33 PM | Computer Name = TERRYT | Source = Service Control Manager | ID = 7034
Description = The O2Micro Flash Memory service terminated unexpectedly. It has
done this 1 time(s).
Error - 8/8/2010 10:37:07 PM | Computer Name = TERRYT | Source = Service Control Manager | ID = 7034
Description = The PC Tools Security Service service terminated unexpectedly. It
has done this 2 time(s).
Error - 8/8/2010 10:49:10 PM | Computer Name = TERRYT | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_ECIOCTRL32_001.SYS\0000 disappeared from the
system without first being prepared for removal.
< End of report >
Second report
OTL logfile created on: 8/9/2010 5:29:28 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Terry.TERRYT\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
446.00 Mb Total Physical Memory | 20.00 Mb Available Physical Memory | 4.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 17.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 44.61 Gb Free Space | 79.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TERRYT
Current User Name: Terry
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/08/09 17:23:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terry.TERRYT\Desktop\OTL.exe
PRC - [2010/06/18 17:00:10 | 000,198,608 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2010/05/11 11:51:52 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsTray.exe
PRC - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/15 12:30:24 | 000,593,920 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\RALINK\Common\RaUI.exe
PRC - [2006/01/05 04:33:00 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe
PRC - [2006/01/02 20:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
========== Modules (SafeList) ==========
MOD - [2010/08/09 17:23:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terry.TERRYT\Desktop\OTL.exe
MOD - [2010/02/26 07:16:18 | 000,154,160 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\smum32.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/18 17:00:10 | 000,198,608 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2006/01/05 04:33:00 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\o2flash.exe -- (O2Flash)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/08/01 22:47:26 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2006/04/04 10:50:04 | 001,523,200 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/08 20:28:00 | 000,255,232 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2006/02/27 06:47:00 | 004,241,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/01/20 00:44:42 | 000,862,340 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006/01/05 04:33:00 | 000,034,144 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2006/01/05 04:33:00 | 000,028,800 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2005/09/29 23:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/08/25 03:12:56 | 000,191,168 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
========== Standard Registry (SafeList) ==========
Another part of OTL Notepad:
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/cust...ch/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://red.clientapps.yahoo.com/customize/ie/defaults/stp/yme/*http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2010/07/27 17:11:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/07 12:58:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/24 21:08:06 | 000,000,000 | ---D | M]
[2008/11/02 15:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry.TERRYT\Application Data\Mozilla\Extensions
[2010/08/06 19:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry.TERRYT\Application Data\Mozilla\Firefox\Profiles\b9b9s1mg.default\extensions
[2010/07/28 17:55:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Terry.TERRYT\Application Data\Mozilla\Firefox\Profiles\b9b9s1mg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/11/10 20:51:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2010/08/08 22:51:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsTray.exe (PC Tools)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] https in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/ho...vex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1167360043691 (WUWebControl Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/bingame/luxr/def...jolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab (PCMaticVer Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.112.12
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/22 08:24:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)
========== Files/Folders - Created Within 90 Days ==========
[2010/08/09 17:23:25 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Terry.TERRYT\Desktop\OTL.exe
[2010/08/09 16:58:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/09 16:56:31 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/08/08 22:58:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/08/08 15:14:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/08 15:08:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/08 15:08:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/08 15:08:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/08 15:08:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/08 15:08:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/08 15:05:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/07 14:40:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry.TERRYT\Application Data\Malwarebytes
[2010/08/07 12:23:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/07 12:23:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/07 12:23:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/07 12:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/28 19:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\PCPitstop
[2010/07/28 18:03:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry.TERRYT\My Documents\Downloads
[2010/07/27 17:15:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry.TERRYT\Local Settings\Application Data\Threat Expert
[2010/07/27 17:11:36 | 001,435,600 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/07/27 17:11:36 | 000,264,144 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/07/27 17:11:36 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/07/27 17:06:04 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/07/27 17:05:54 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/07/27 17:05:46 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/07/27 17:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2010/07/27 17:05:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry.TERRYT\Application Data\PC Tools
[2010/07/26 18:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2010/07/26 18:09:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2010/07/26 18:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2010/07/20 19:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry.TERRYT\Application Data\ElevatedDiagnostics
[2010/07/20 19:40:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/07/08 20:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/07/08 20:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/07/03 21:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/06/27 15:06:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/06/20 08:15:41 | 000,000,000 | ---D | C] -- C:\found.000
[2010/06/13 21:13:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2010/06/10 17:27:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/06/09 22:16:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/06/09 22:16:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/06/09 22:16:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/06/09 22:16:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/06/09 22:06:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/06/09 21:57:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/06/09 21:57:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/06/04 22:58:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry.TERRYT\Application Data\OpenOffice.org
[2010/06/04 18:32:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/06/04 18:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry.TERRYT\Application Data\Yahoo!
[2010/06/04 18:28:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
The rest of OTL Notepad.
[2010/08/09 17:23:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terry.TERRYT\Desktop\OTL.exe
[2010/08/09 17:02:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/09 17:02:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/09 17:01:35 | 004,194,304 | ---- | M] () -- C:\Documents and Settings\Terry.TERRYT\ntuser.dat
[2010/08/09 17:01:35 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Terry.TERRYT\ntuser.ini
[2010/08/08 22:51:32 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/08 22:51:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/08 18:48:55 | 000,000,491 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/08 18:48:55 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/07 13:02:43 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/06 18:34:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/05 16:22:07 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/07/28 18:08:18 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Terry.TERRYT\Local Settings\Application Data\housecall.guid.cache
[2010/07/27 17:05:51 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools AntiVirus Free.lnk
[2010/07/26 21:08:29 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\Terry.TERRYT\Application DataProductTweaks.xml
[2010/07/26 21:08:27 | 000,000,385 | ---- | M] () -- C:\Documents and Settings\Terry.TERRYT\Application Datauser_gensett.xml
[2010/07/26 21:08:15 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\Terry.TERRYT\Application Dataprivacy.xml
[2010/07/26 20:56:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pcwords2.dat
[2010/07/26 20:56:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pcwords.dat
[2010/07/26 20:56:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_sign.slf
[2010/07/26 20:56:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_video.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_pornography.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_news.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_im.dat
[2010/07/26 20:56:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2010/07/26 20:56:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2010/07/26 20:56:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_illegal.dat
[2010/07/26 20:56:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_hate.dat
[2010/07/26 20:56:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_games.dat
[2010/07/26 20:56:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_gambling.dat
[2010/07/26 20:56:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_drugs.dat
[2010/07/26 18:44:13 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2010/07/14 21:25:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/23 21:41:03 | 000,536,282 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 21:41:03 | 000,466,144 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 21:41:03 | 000,081,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/18 17:00:16 | 000,149,456 | ---- | M] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/06/18 17:00:12 | 001,435,600 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/06/18 17:00:12 | 000,264,144 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/06/18 17:00:02 | 000,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/14 12:09:31 | 000,251,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/13 21:21:35 | 000,065,672 | ---- | M] () -- C:\Documents and Settings\Terry.TERRYT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/11 21:32:26 | 005,338,282 | -H-- | M] () -- C:\Documents and Settings\Terry.TERRYT\Local Settings\Application Data\IconCache.db
[2010/06/09 22:05:04 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/04 23:07:36 | 000,013,898 | ---- | M] () -- C:\Documents and Settings\Terry.TERRYT\My Documents\Rainbow Bridge.odt
[2010/06/04 18:38:36 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Terry.TERRYT\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/08/08 15:14:34 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/08/08 15:14:30 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/08 15:08:56 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/08 15:08:55 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/08 15:08:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/08 15:08:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/08 15:08:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/07 12:23:17 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/28 18:08:18 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Terry.TERRYT\Local Settings\Application Data\housecall.guid.cache
[2010/07/27 17:11:36 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/07/27 17:11:36 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/07/27 17:11:36 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/07/27 17:11:36 | 000,000,192 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/07/27 17:11:36 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/07/27 17:06:04 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/07/27 17:05:54 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/07/27 17:05:54 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/07/27 17:05:51 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools AntiVirus Free.lnk
[2010/07/27 17:05:46 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/07/26 21:08:29 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\Terry.TERRYT\Application DataProductTweaks.xml
[2010/07/26 21:08:27 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Terry.TERRYT\Application Datauser_gensett.xml
[2010/07/26 20:56:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2010/07/26 20:56:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2010/07/26 20:56:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_sign.slf
[2010/07/26 20:56:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
[2010/07/26 20:56:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2010/07/26 20:56:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2010/07/26 20:56:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
[2010/07/26 20:56:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
[2010/07/26 20:56:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
[2010/07/26 20:56:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
[2010/07/26 20:56:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
[2010/07/26 20:44:44 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\Terry.TERRYT\Application Dataprivacy.xml
[2010/07/26 18:44:13 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2010/06/04 23:07:36 | 000,013,898 | ---- | C] () -- C:\Documents and Settings\Terry.TERRYT\My Documents\Rainbow Bridge.odt
[2008/10/31 17:10:03 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\securenet.dll
[2008/06/21 13:32:08 | 000,000,076 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/07/27 20:34:56 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2006/12/30 22:05:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/22 09:00:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/22 08:52:09 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2006/06/22 08:48:48 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56spn.dll
[2006/06/22 08:48:48 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56itl.dll
[2006/06/22 08:48:48 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56eng.dll
[2006/06/22 08:48:48 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56brz.dll
[2006/06/22 08:48:48 | 000,061,440 | R--- | C] () -- C:\WINDOWS\sm56ger.dll
[2006/06/22 08:48:48 | 000,061,440 | R--- | C] () -- C:\WINDOWS\sm56fra.dll
[2006/06/22 08:48:48 | 000,053,248 | R--- | C] () -- C:\WINDOWS\sm56jpn.dll
[2006/06/22 08:48:48 | 000,049,152 | R--- | C] () -- C:\WINDOWS\sm56cht.dll
[2006/06/22 08:48:48 | 000,049,152 | R--- | C] () -- C:\WINDOWS\sm56chs.dll
[2006/06/22 08:46:08 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/01/05 04:33:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2000/04/14 16:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1998/06/11 14:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
========== LOP Check ==========
[2010/07/27 17:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2007/03/07 21:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/01/10 16:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OfficeGuardian
[2010/08/05 16:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2007/07/07 21:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/05/05 21:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/01/17 18:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2006/12/29 22:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/08/09 17:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/12/30 23:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2008/11/22 23:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2010/07/20 19:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry.TERRYT\Application Data\ElevatedDiagnostics
[2008/11/22 22:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry.TERRYT\Application Data\GetRightToGo
[2009/09/22 19:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry.TERRYT\Application Data\InfraRecorder
[2010/05/03 17:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry.TERRYT\Application Data\MSNInstaller
[2010/06/04 22:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry.TERRYT\Application Data\OpenOffice.org
[2007/07/07 21:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry.TERRYT\Application Data\PlayFirst
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/01/21 22:42:20 | 000,000,110 | -H-- | M] () -- C:\aaw7boot.cmd
[2006/12/29 22:58:19 | 002,424,840 | ---- | M] (Siber Systems) -- C:\AiRoboForm.exe
[2006/06/22 08:46:14 | 000,000,206 | ---- | M] () -- C:\audio.log
[2006/06/22 08:24:12 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/27 16:58:46 | 000,006,190 | ---- | M] () -- C:\bdlog.txt
[2010/08/05 16:22:07 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/08 18:48:55 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2006/06/22 08:50:35 | 000,000,032 | ---- | M] () -- C:\cardrdr.log
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2008/09/24 21:11:32 | 000,000,000 | ---- | M] () -- C:\cmserver.log
[2010/08/08 22:58:04 | 000,015,422 | ---- | M] () -- C:\ComboFix.txt
[2006/06/22 08:24:12 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/09/24 21:12:06 | 000,000,000 | ---- | M] () -- C:\conmgr.log
[2006/06/22 08:24:12 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/06/22 08:48:29 | 000,000,224 | ---- | M] () -- C:\lan.log
[2007/07/29 21:02:04 | 000,000,000 | ---- | M] () -- C:\Log.txt
[2006/06/22 08:24:12 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/28 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/06/09 22:05:04 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/09 17:36:06 | 865,992,704 | -HS- | M] () -- C:\pagefile.sys
[2010/07/26 20:56:42 | 000,000,000 | ---- | M] () -- C:\pcversion.txt
[2007/05/27 19:30:04 | 000,024,985 | ---- | M] () -- C:\playground.log
[2006/06/22 08:46:14 | 000,000,443 | ---- | M] () -- C:\RHDSetup.log
[2010/08/07 12:20:37 | 000,000,452 | ---- | M] () -- C:\rkill.log
[2007/11/06 21:48:21 | 009,327,440 | ---- | M] () -- C:\Super Mario.exe
[2006/06/22 08:51:05 | 000,000,191 | ---- | M] () -- C:\touchpad.log
[2006/06/22 08:52:19 | 000,000,176 | ---- | M] () -- C:\wlan.log
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003/06/18 18:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2006/04/04 09:31:30 | 000,286,720 | ---- | M] (ATI Technologies Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGR.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006/06/22 00:35:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/06/22 00:35:56 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/06/22 00:35:56 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-15 01:25:24
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:126A6C0C
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
< End of report >
Your computer would greatly benefit from adding another 512MB of RAM.
Update your Java version here: http://www.java.com/en/download/installed.jsp
Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
Now, we need to remove the old Java version and its remnants...
Download JavaRa to your desktop and unzip it to its own folder.
- Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
================================================================
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/08/01 22:47:26 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:126A6C0C
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
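The fix above targets two kinds of leftovers OTL flagged: ActiveX Distribution Units whose CLSID no longer has a class registration (the O16 lines marked "Reg Error: Key error.") and alternate data streams hanging off the All Users TEMP folder. The following read-only audit is an added example, not the thread's OTL script or an OldTimer tool; it assumes PowerShell 3.0 or later (for Get-Item -Stream, so it will not run on the XP box in this thread) and an elevated prompt, and it only lists what it finds so the items can be reviewed before anything is removed.

```powershell
# Added example (not the thread's OTL script): list the two kinds of leftovers
# the fix above targets, without deleting anything. Assumes PowerShell 3.0+
# (Get-Item -Stream, [pscustomobject]) and an elevated prompt. The registry
# paths are the ones OTL reported in this thread; $TempDir is the folder that
# carried the ADS entries and should be adjusted for other systems.

$DistUnits = 'HKLM:\SOFTWARE\Microsoft\Code Store Database\Distribution Units'
$ClsidRoot = 'HKLM:\SOFTWARE\Classes\CLSID'
$TempDir   = 'C:\Documents and Settings\All Users\Application Data\TEMP'

function Get-OrphanedDistributionUnit {
    # A Distribution Unit whose CLSID has no matching Classes\CLSID key is the
    # condition OTL prints as "(Reg Error: Key error.)" on its O16 lines.
    if (-not (Test-Path $DistUnits)) { return }
    Get-ChildItem $DistUnits | ForEach-Object {
        $clsid = $_.PSChildName
        if ($clsid -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { return }   # skip non-CLSID names
        if (Test-Path (Join-Path $ClsidRoot $clsid)) { return }     # class still registered
        # DownloadInformation\CODEBASE holds the URL the control was fetched from
        # (the same URL OTL shows on the O16 line); absent on some entries.
        $dl = Join-Path $_.PSPath 'DownloadInformation'
        $codebase = if (Test-Path $dl) { (Get-ItemProperty $dl).CODEBASE } else { $null }
        [pscustomobject]@{ CLSID = $clsid; CodeBase = $codebase }
    }
}

function Get-FolderAlternateStream {
    param([string]$Path)
    # Every stream other than the default :$DATA stream is an ADS attached to
    # the folder itself, like the TEMP:7E95B6FD entries in the OTL log above.
    if (-not (Test-Path -LiteralPath $Path)) { return }
    Get-Item -LiteralPath $Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object @{ n = 'Stream'; e = { $_.Stream } },
                      @{ n = 'Bytes';  e = { $_.Length } }
}

'--- Distribution Units with no CLSID class registration ---'
Get-OrphanedDistributionUnit | Format-Table -AutoSize

"--- Alternate data streams on $TempDir ---"
Get-FolderAlternateStream -Path $TempDir | Format-Table -AutoSize
```

Compare the output with the OTL log before writing a fix: an orphaned Distribution Unit is usually a stale download record, while unexpected streams on a system folder are worth inspecting (for example with Get-Content -Stream) rather than deleting blind.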
I will see if we can get more RAM. It also looks like there are some things that did not completely uninstall; PCPitstop, Trend Micro, etc. So how do I know for sure all that junk is gone when I uninstall?
Have done the Java update and the old Java removal. Will run the OTL scans and post. Report after fix:
All processes killed
========== OTL ==========
Service ssmdrv stopped successfully!
Service ssmdrv deleted successfully!
C:\WINDOWS\system32\drivers\ssmdrv.sys moved successfully.
Service tmcomm stopped successfully!
Service tmcomm deleted successfully!
C:\WINDOWS\system32\drivers\tmcomm.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\WINDOWS\002977_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET25.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET103.tmp deleted successfully.
C:\WINDOWS\System32\SETF7.tmp deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:126A6C0C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temporary Internet Files folder emptied: 32768 bytes
User: Administrator.TERRYT
->Temporary Internet Files folder emptied: 32768 bytes
User: Administrator.TERRYT.000
->Temporary Internet Files folder emptied: 32768 bytes
User: Administrator.TERRYT.001
->Temp folder emptied: 523236 bytes
->Temporary Internet Files folder emptied: 10187314 bytes
->Flash cache emptied: 527 bytes
User: Administrator.TERRYT.002
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->FireFox cache emptied: 3856909 bytes
->Flash cache emptied: 405 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Mike
->Temporary Internet Files folder emptied: 1283121 bytes
User: Mike.TERRYT
->Temp folder emptied: 709760 bytes
->Temporary Internet Files folder emptied: 1736583 bytes
User: Mike.TERRYT.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->Flash cache emptied: 1024452 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Terry
->Temp folder emptied: 2129280 bytes
->Temporary Internet Files folder emptied: 1434298 bytes
User: Terry.TERRYT
->Temp folder emptied: 9446073 bytes
->Temporary Internet Files folder emptied: 16997871 bytes
->Java cache emptied: 148118988 bytes
->FireFox cache emptied: 80900112 bytes
->Flash cache emptied: 2004264 bytes
User: TERRY~1~TER
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49152 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4019667 bytes
Total Files Cleaned = 272.00 mb
[EMPTYFLASH]
User: Administrator
User: Administrator.TERRYT
User: Administrator.TERRYT.000
User: Administrator.TERRYT.001
->Flash cache emptied: 0 bytes
User: Administrator.TERRYT.002
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
User: LocalService
User: Mike
User: Mike.TERRYT
User: Mike.TERRYT.000
->Flash cache emptied: 0 bytes
User: NetworkService
User: Terry
User: Terry.TERRYT
->Flash cache emptied: 0 bytes
User: TERRY~1~TER
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.9.1 log created on 08092010_212456
Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_74c.dat moved successfully.
Registry entries deleted on Reboot...
Quick Scan Report:
OTL logfile created on: 8/9/2010 9:35:16 PM - Run 4
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Terry.TERRYT\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
446.00 Mb Total Physical Memory | 145.00 Mb Available Physical Memory | 32.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 45.03 Gb Free Space | 80.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TERRYT
Current User Name: Terry
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/08/09 17:23:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terry.TERRYT\Desktop\OTL.exe
PRC - [2010/06/18 17:00:10 | 000,198,608 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2010/05/11 11:51:52 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsTray.exe
PRC - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/15 12:30:24 | 000,593,920 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\RALINK\Common\RaUI.exe
PRC - [2006/01/05 04:33:00 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe
PRC - [2006/01/02 20:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
========== Modules (SafeList) ==========
MOD - [2010/08/09 17:23:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terry.TERRYT\Desktop\OTL.exe
MOD - [2010/02/26 07:16:18 | 000,154,160 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\smum32.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/18 17:00:10 | 000,198,608 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2006/01/05 04:33:00 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\o2flash.exe -- (O2Flash)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/04/04 10:50:04 | 001,523,200 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/08 20:28:00 | 000,255,232 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2006/02/27 06:47:00 | 004,241,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/01/20 00:44:42 | 000,862,340 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006/01/05 04:33:00 | 000,034,144 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2006/01/05 04:33:00 | 000,028,800 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2005/09/29 23:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/08/25 03:12:56 | 000,191,168 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/cust...ch/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://red.clientapps.yahoo.com/customize/ie/defaults/stp/yme/*http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2010/07/27 17:11:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/07 12:58:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/09 21:02:04 | 000,000,000 | ---D | M]
[2008/11/02 15:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry.TERRYT\Application Data\Mozilla\Extensions
[2010/08/06 19:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry.TERRYT\Application Data\Mozilla\Firefox\Profiles\b9b9s1mg.default\extensions
[2010/07/28 17:55:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Terry.TERRYT\Application Data\Mozilla\Firefox\Profiles\b9b9s1mg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/09 21:02:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/09 21:02:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/09 21:01:23 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2010/08/08 22:51:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsTray.exe (PC Tools)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] https in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/ho...vex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1167360043691 (WUWebControl Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/bingame/luxr/def...jolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab (PCMaticVer Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.112.12
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/22 08:24:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 90 Days ==========
Con't
[2010/08/09 21:24:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/09 21:06:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry.TERRYT\Desktop\JavaRa
[2010/08/09 21:02:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/09 17:23:25 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Terry.TERRYT\Desktop\OTL.exe
[2010/08/09 16:58:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/09 16:56:31 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/08/08 22:58:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/08/08 15:14:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/08 15:08:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/08 15:08:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/08 15:08:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/08 15:08:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/08 15:08:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/08 15:05:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/07 14:40:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry.TERRYT\Application Data\Malwarebytes
[2010/08/07 12:23:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/07 12:23:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/07 12:23:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/07 12:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/28 19:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\PCPitstop
[2010/07/28 18:03:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry.TERRYT\My Documents\Downloads
[2010/07/27 17:15:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry.TERRYT\Local Settings\Application Data\Threat Expert
[2010/07/27 17:11:36 | 001,435,600 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/07/27 17:11:36 | 000,264,144 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/07/27 17:11:36 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/07/27 17:06:04 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/07/27 17:05:54 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/07/27 17:05:46 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/07/27 17:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2010/07/27 17:05:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry.TERRYT\Application Data\PC Tools
[2010/07/26 18:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2010/07/26 18:09:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2010/07/26 18:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2010/07/20 19:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry.TERRYT\Application Data\ElevatedDiagnostics
[2010/07/20 19:40:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/07/08 20:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/07/08 20:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/07/03 21:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/06/27 15:06:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/06/20 08:15:41 | 000,000,000 | ---D | C] -- C:\found.000
[2010/06/13 21:13:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2010/06/10 17:27:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/06/09 22:16:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/06/09 22:16:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/06/09 22:16:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/06/09 22:16:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/06/09 22:06:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/06/09 21:57:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/06/09 21:57:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/06/04 22:58:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry.TERRYT\Application Data\OpenOffice.org
[2010/06/04 18:32:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/06/04 18:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry.TERRYT\Application Data\Yahoo!
[2010/06/04 18:28:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
========== Files - Modified Within 90 Days ==========
[2010/08/09 21:29:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/09 21:29:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/09 21:05:04 | 000,156,329 | ---- | M] () -- C:\Documents and Settings\Terry.TERRYT\Desktop\JavaRa.zip
[2010/08/09 17:23:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terry.TERRYT\Desktop\OTL.exe
[2010/08/09 17:01:35 | 004,194,304 | ---- | M] () -- C:\Documents and Settings\Terry.TERRYT\ntuser.dat
[2010/08/09 17:01:35 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Terry.TERRYT\ntuser.ini
[2010/08/08 22:51:32 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/08 22:51:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/08 18:48:55 | 000,000,491 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/08 18:48:55 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/07 13:02:43 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/06 18:34:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/05 16:22:07 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/07/28 18:08:18 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Terry.TERRYT\Local Settings\Application Data\housecall.guid.cache
[2010/07/27 17:05:51 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools AntiVirus Free.lnk
[2010/07/26 21:08:29 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\Terry.TERRYT\Application DataProductTweaks.xml
[2010/07/26 21:08:27 | 000,000,385 | ---- | M] () -- C:\Documents and Settings\Terry.TERRYT\Application Datauser_gensett.xml
[2010/07/26 21:08:15 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\Terry.TERRYT\Application Dataprivacy.xml
[2010/07/26 20:56:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pcwords2.dat
[2010/07/26 20:56:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pcwords.dat
[2010/07/26 20:56:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_sign.slf
[2010/07/26 20:56:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_video.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_pornography.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_news.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_im.dat
[2010/07/26 20:56:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2010/07/26 20:56:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2010/07/26 20:56:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_illegal.dat
[2010/07/26 20:56:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_hate.dat
[2010/07/26 20:56:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_games.dat
[2010/07/26 20:56:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_gambling.dat
[2010/07/26 20:56:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_drugs.dat
[2010/07/26 18:44:13 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2010/07/14 21:25:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/23 21:41:03 | 000,536,282 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 21:41:03 | 000,466,144 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 21:41:03 | 000,081,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/18 17:00:16 | 000,149,456 | ---- | M] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/06/18 17:00:12 | 001,435,600 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/06/18 17:00:12 | 000,264,144 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/06/18 17:00:02 | 000,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/14 12:09:31 | 000,251,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/13 21:21:35 | 000,065,672 | ---- | M] () -- C:\Documents and Settings\Terry.TERRYT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/11 21:32:26 | 005,338,282 | -H-- | M] () -- C:\Documents and Settings\Terry.TERRYT\Local Settings\Application Data\IconCache.db
[2010/06/09 22:05:04 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/04 23:07:36 | 000,013,898 | ---- | M] () -- C:\Documents and Settings\Terry.TERRYT\My Documents\Rainbow Bridge.odt
[2010/06/04 18:38:36 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Terry.TERRYT\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
========== Files Created - No Company Name ==========
[2010/08/09 21:05:03 | 000,156,329 | ---- | C] () -- C:\Documents and Settings\Terry.TERRYT\Desktop\JavaRa.zip
[2010/08/08 15:14:34 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/08/08 15:14:30 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/08 15:08:56 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/08 15:08:55 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/08 15:08:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/08 15:08:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/08 15:08:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/07 12:23:17 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/28 18:08:18 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Terry.TERRYT\Local Settings\Application Data\housecall.guid.cache
[2010/07/27 17:11:36 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/07/27 17:11:36 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/07/27 17:11:36 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/07/27 17:11:36 | 000,000,192 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/07/27 17:11:36 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/07/27 17:06:04 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/07/27 17:05:54 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/07/27 17:05:54 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/07/27 17:05:51 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools AntiVirus Free.lnk
[2010/07/27 17:05:46 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/07/26 21:08:29 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\Terry.TERRYT\Application DataProductTweaks.xml
[2010/07/26 21:08:27 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Terry.TERRYT\Application Datauser_gensett.xml
[2010/07/26 20:56:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2010/07/26 20:56:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2010/07/26 20:56:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_sign.slf
[2010/07/26 20:56:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
[2010/07/26 20:56:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
[2010/07/26 20:56:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2010/07/26 20:56:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2010/07/26 20:56:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
[2010/07/26 20:56:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
[2010/07/26 20:56:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
[2010/07/26 20:56:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
[2010/07/26 20:56:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
[2010/07/26 20:44:44 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\Terry.TERRYT\Application Dataprivacy.xml
[2010/07/26 18:44:13 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2010/06/04 23:07:36 | 000,013,898 | ---- | C] () -- C:\Documents and Settings\Terry.TERRYT\My Documents\Rainbow Bridge.odt
[2008/10/31 17:10:03 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\securenet.dll
[2008/06/21 13:32:08 | 000,000,076 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/07/27 20:34:56 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2006/12/30 22:05:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/22 09:00:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/22 08:52:09 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2006/06/22 08:48:48 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56spn.dll
[2006/06/22 08:48:48 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56itl.dll
[2006/06/22 08:48:48 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56eng.dll
[2006/06/22 08:48:48 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56brz.dll
[2006/06/22 08:48:48 | 000,061,440 | R--- | C] () -- C:\WINDOWS\sm56ger.dll
[2006/06/22 08:48:48 | 000,061,440 | R--- | C] () -- C:\WINDOWS\sm56fra.dll
[2006/06/22 08:48:48 | 000,053,248 | R--- | C] () -- C:\WINDOWS\sm56jpn.dll
[2006/06/22 08:48:48 | 000,049,152 | R--- | C] () -- C:\WINDOWS\sm56cht.dll
[2006/06/22 08:48:48 | 000,049,152 | R--- | C] () -- C:\WINDOWS\sm56chs.dll
[2006/06/22 08:46:08 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/01/05 04:33:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2000/04/14 16:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1998/06/11 14:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
========== LOP Check ==========
[2010/07/27 17:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2007/03/07 21:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/01/10 16:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OfficeGuardian
[2010/08/05 16:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2007/07/07 21:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/05/05 21:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/01/17 18:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2006/12/29 22:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/08/09 21:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/12/30 23:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2008/11/22 23:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2010/07/20 19:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry.TERRYT\Application Data\ElevatedDiagnostics
[2008/11/22 22:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry.TERRYT\Application Data\GetRightToGo
[2009/09/22 19:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry.TERRYT\Application Data\InfraRecorder
[2010/05/03 17:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry.TERRYT\Application Data\MSNInstaller
[2010/06/04 22:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry.TERRYT\Application Data\OpenOffice.org
[2007/07/07 21:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry.TERRYT\Application Data\PlayFirst
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
< End of report >